
Security Control Assessor Resume


Marlboro, MD

SUMMARY:

Highly motivated Information Security Professional with in-depth knowledge of the Risk Management Framework (RMF), the System Development Life Cycle (SDLC), and vulnerability management using FISMA, NIST, FIPS and applicable standards. Strong communication skills, detail-oriented, and able to provide information security support for federal information systems.

PROFESSIONAL EXPERIENCE:

Confidential -Marlboro, MD

SECURITY CONTROL ASSESSOR

  • Develop and maintain System Security Plans (SSP) and additional A&A documentation.
  • Conduct system risk assessments and develop Plans of Action and Milestones (POA&M).
  • Assist with compliance reviews and conduct audits to ensure information systems (IS) maintain the authorization baseline.
  • Coordinate and implement security policies, processes, procedures, and security control techniques.
  • Ensure that information security requirements, including necessary security controls, are effectively integrated into the enterprise architecture.
  • Assist with the initiation of protective and corrective measures when a security incident or vulnerability is identified, ensure IS security incidents are handled in accordance with established procedures.
  • Ensure that risk mitigation activities are taking place and appropriate documentation is provided from the project team(s), or customer.
  • Participate in a security governance program steering committee to provide centralized governance of security services, policies, processes and procedures.
  • Review new or modified infrastructure and application services to verify compliance, identify exceptions and work with requestor/architect to identify mitigations if necessary.
  • Communicate effectively through written and verbal means to co-workers, subordinates and senior leadership.
  • Collaborate with a team of information security professionals to prepare Security Authorization (C&A) packages based on NIST standards for general support systems and major applications.
  • Provide input to management on appropriate FIPS 199 impact level designations and identify appropriate security controls based on characterization of the general support system or major applications.
  • Document findings in the Security Assessment Report (SAR) and produce a Plan of Action & Milestones (POA&M) for all controls with weaknesses or deficiencies.

Confidential, Bowie, MD

Security Analyst

  • Analyze and update the System Security Plan (SSP), Risk Assessment (RA), Privacy Impact Assessment (PIA), Security Test and Evaluation (ST&E) and the Plan of Actions and Milestones (POA&M).
  • Designate systems and categorize their confidentiality, integrity and availability (C.I.A.) impact using FIPS 199 and NIST SP
  • Conduct interviews with selected personnel, document and evaluate business processes, and execute audit test programs to determine the adequacy and effectiveness of internal controls and compliance with regulations.
  • Assist System Owners and the ISSO in preparing C&A packages for the company's IT systems, making sure that management, operational and technical security controls adhere to the formal, well-established security requirements of NIST SP R4.
  • Assist the SOC team in documenting and reporting vulnerabilities by utilizing tools such as Splunk and NESSUS.
  • Evaluate the effectiveness of internal control systems and identify areas of improvement, best practices, and lessons learned
  • Conduct the annual self-assessment based on NIST SP A.
  • Document findings within Requirements Traceability Matrix (RTMs) and Security Assessment Reports (SARs).
  • Review and analyze Nessus vulnerability and compliance scans, WebInspect scans, IBM Guardium, Burp Suite and DbProtect scans for possible remediation.
  • Assess systems of varying scope and complexity and comprised of various technologies.
  • Create standard templates for required security assessment and authorization documents, including risk assessments, security plans, security assessment plans and reports, contingency plans, and security authorization packages
  • Provide weekly status reports on ongoing tasks and deliverables.
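The bullets above describe reviewing Nessus scan output and carrying the findings into POA&M entries. The script below is an added example and not part of the résumé: it parses the `.nessus` (v2) XML export that Nessus produces, collapses per-host ReportItems into one POA&M row per plugin, and assigns a scheduled completion date by severity. The sample scan, the plugin IDs in the 900000 range and the remediation windows are all constructed for this example and are not real Nessus plugins or an agency's actual policy.

```python
"""Triage a Nessus (.nessus v2) export into POA&M-style rows.

Added example, not from the résumé. The XML sample is constructed; the
plugin IDs and names are invented placeholders, and the remediation
windows are illustrative assumptions to be replaced by the organisation's
own policy.
"""
import xml.etree.ElementTree as ET
from datetime import date, timedelta

# Nessus "severity" attribute: 0 info, 1 low, 2 medium, 3 high, 4 critical.
SEVERITY_NAMES = {0: "Info", 1: "Low", 2: "Medium", 3: "High", 4: "Critical"}

# Assumed remediation windows in days per severity (no window for Info).
REMEDIATION_DAYS = {4: 15, 3: 30, 2: 90, 1: 180}

SAMPLE_SCAN_DATE = date(2024, 1, 1)  # constructed scan completion date

# Constructed sample export: two hosts, one shared critical finding,
# one medium, one low and one informational item.
SAMPLE_NESSUS = """<?xml version="1.0" ?>
<NessusClientData_v2>
 <Report name="GSS-quarterly-sample">
  <ReportHost name="10.10.1.5">
   <ReportItem port="443" svc_name="www" protocol="tcp" severity="4"
               pluginID="900001" pluginName="Sample: unsupported web server version"
               pluginFamily="Web Servers">
    <solution>Upgrade to a vendor-supported release.</solution>
   </ReportItem>
   <ReportItem port="22" svc_name="ssh" protocol="tcp" severity="2"
               pluginID="900002" pluginName="Sample: weak SSH MAC algorithms enabled"
               pluginFamily="Misc.">
    <solution>Disable MD5 and 96-bit MAC algorithms in sshd_config.</solution>
   </ReportItem>
   <ReportItem port="0" svc_name="general" protocol="tcp" severity="0"
               pluginID="900003" pluginName="Sample: OS identification"
               pluginFamily="General">
    <solution>n/a</solution>
   </ReportItem>
  </ReportHost>
  <ReportHost name="10.10.1.7">
   <ReportItem port="443" svc_name="www" protocol="tcp" severity="4"
               pluginID="900001" pluginName="Sample: unsupported web server version"
               pluginFamily="Web Servers">
    <solution>Upgrade to a vendor-supported release.</solution>
   </ReportItem>
   <ReportItem port="123" svc_name="ntp" protocol="udp" severity="1"
               pluginID="900004" pluginName="Sample: NTP mode 6 queries allowed"
               pluginFamily="Misc.">
    <solution>Restrict mode 6 queries to management hosts.</solution>
   </ReportItem>
  </ReportHost>
 </Report>
</NessusClientData_v2>
"""


def parse_nessus(xml_text):
    """Return one dict per ReportItem: host, port, plugin id/name, severity, solution."""
    root = ET.fromstring(xml_text)
    findings = []
    for host in root.iter("ReportHost"):
        for item in host.iter("ReportItem"):
            findings.append({
                "host": host.get("name"),
                "port": f'{item.get("protocol")}/{item.get("port")}',
                "plugin_id": item.get("pluginID"),
                "plugin_name": item.get("pluginName"),
                "severity": int(item.get("severity", "0")),
                "solution": item.findtext("solution", default="").strip(),
            })
    return findings


def build_poam(findings, scan_date, min_severity=2):
    """Collapse findings into one POA&M row per plugin at or above min_severity.

    Hosts sharing a plugin are grouped so the weakness is tracked once;
    the scheduled completion date is scan_date plus the severity's window
    (None for Info, which has no remediation window).
    """
    rows = {}
    for f in findings:
        sev = f["severity"]
        if sev < min_severity:
            continue
        days = REMEDIATION_DAYS.get(sev)
        row = rows.setdefault(f["plugin_id"], {
            "plugin_id": f["plugin_id"],
            "weakness": f["plugin_name"],
            "sev": sev,
            "severity": SEVERITY_NAMES[sev],
            "hosts": set(),
            "milestone": f["solution"],
            "due": scan_date + timedelta(days=days) if days is not None else None,
        })
        row["hosts"].add(f["host"])
    out = sorted(rows.values(), key=lambda r: (-r["sev"], r["plugin_id"]))
    for r in out:
        r["hosts"] = sorted(r["hosts"])
    return out


if __name__ == "__main__":
    for r in build_poam(parse_nessus(SAMPLE_NESSUS), SAMPLE_SCAN_DATE):
        print(f'{r["severity"]:8} {r["plugin_id"]} {r["weakness"]}')
        print(f'         hosts: {", ".join(r["hosts"])}  due: {r["due"]}')
```

Run it against a real export by replacing `SAMPLE_NESSUS` with the file contents; lower `min_severity` to include Low findings once the High and Critical rows are on the POA&M.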

Confidential, GA

Oracle Database Administrator

  • Performed database performance tuning using AWR and ADDM reports.
  • Used SQL Tuning advisor and Segment advisor
  • Applied the latest Oracle CPU patches and resolved issues with various bug-fix patches.
  • Performed 24/7 database support of all Oracle databases, ensured compliance with the Oracle license agreement, and provided support for Oracle in a Sun Solaris (UNIX) Enterprise Server environment.
  • Administered oracle backup with RMAN for full database backup and incremental backup.
  • Wrote RMAN scripts for full database restore/recovery, point-in-time recovery, and automated backup and notification.
  • Performed general technical troubleshooting and supported developers in tuning DB and apps for optimal performance.
  • Monitored space usage and adjusted database parameters as needed.
  • Monitored backup operations and scheduled manual backups as needed.
  • Worked with system administrators to configure the system for optimal performance.

TECHNICAL SKILLS:

Software, Standards & Tools: Assessment & Authorization, NIST Risk Management Framework (RMF), NIST, Plan of Action and Milestones (POA&M), FIPS 199 System Security Categorization, System Security Plans (SSP), Security Assessment Report (SAR), Continuous Monitoring (CM), Contingency Plans (ISCP), Security Control Assessment (SCA), Microsoft Office, SharePoint, CSAM, RSA Archer (management tool)
